refacil-pay-mcp 1.1.32 → 1.1.33

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -4,7 +4,7 @@ Servidor MCP (Model Context Protocol) generado automáticamente para la API refa
4
4
 
5
5
  ## 🚀 Características
6
6
 
7
- - **18 herramientas** generadas automáticamente desde la colección Postman
7
+ - **20 herramientas** generadas automáticamente desde la colección Postman
8
8
  - **Autenticación flexible**: Username/Password con renovación automática de tokens
9
9
  - **Servidor HTTP** con Fastify
10
10
  - **Protocolo MCP** estándar para integración con IDEs
@@ -353,14 +353,16 @@ The table below lists the available payment methods along with their correspondi
353
353
  | `262` | Cash-in via **PSE Gateway** | 1,800 |
354
354
  | `153` | Cash-in via **Recaudo Efectivo** | 86,400 |
355
355
  | `163` | Cash-in via **TPaga** | 43,200 |
356
- | `248` | Cash-in via **QR Interoperable** | N/A |
356
+ | `248` | Cash-in via **QR Dinámico** (QR Interoperable dinámico) | N/A |
357
+ | `280` | Cash-in via **QR Híbrido** (QR Interoperable híbrido con monto, cantidad de usos y fecha de expiración variables) | N/A |
357
358
  | `250` | Cash-in via **Llaves Bre-B** | N/A |
358
359
  | `273` | Cash-in via **Tarjetas** (Débito y Crédito) | 3,600 |
359
360
  | `277` | Cash-in via **Whatsapp** | 2,592,000 |
360
361
 
361
362
  > ⚠ **Important:**
362
363
  The value provided in the expiresIn field **must be greater than or equal** to the minimum expiration defined for the selected payment method.
363
- > For **QR Interoperable (ID 248)**, the `expiresIn` parameter **must be omitted**. If provided, the system will **ignore it automatically**. The resource expiration is managed internally by the provider and is set to the **end of the same day the resource is generated**.
364
+ > For **QR Dinámico (ID 248)**, the `expiresIn` parameter **must be omitted**. If provided, the system will **ignore it automatically**. The resource expires at the **end of the day on which it is generated** (23:59:59 America/Bogota).
365
+ > For **QR Híbrido (ID 280)**, the `expiresIn` parameter **must be omitted**. If provided, the system will **ignore it automatically**. The resource expiration is determined by the `expirationDate` parameter configured in the request.
364
366
  > For **Llaves Dinámicas Bre-B (ID 250)**, the `expiresIn` parameter **must be omitted**. If provided, the system will **ignore it automatically**. The key has a **fixed validity period of 10 minutes** from the moment of creation, determined by the server configuration.
365
367
 
366
368
 
@@ -531,7 +533,58 @@ If the request is made from a desktop or tablet, it is recommended to send `isQr
531
533
 
532
534
  ---
533
535
 
534
- ### **QR Interoperable**
536
+ ### **QR Interoperable Dinámico**
537
+
538
+ > ⚠ **Prerequisite:**
539
+ The merchant must complete the **Merchant Enrollment** process before using this method.
540
+ See the _Merchant Enrollment_ section for setup details.
541
+
542
+ > 🔁 **Open Resource:**
543
+ The **QR Interoperable Dinámico** operates as an _open resource_, meaning the generated QR can be used multiple times by the same user.
544
+
545
+ > ⚙️ **Technical Note — Dynamic QR Behavior:**
546
+ Dynamic QR codes may be scanned multiple times due to current limitations in the Redeban system.
547
+ This is **not** an error in our platform.
548
+
549
+ > 🕐 **Expiration Behavior:**
550
+ The `expiresIn` parameter **does not apply** to this payment method and should be **omitted** from the request.
551
+ If a value is sent, the system will **ignore it automatically**.
552
+ The QR resource expiration is controlled exclusively by the provider (Redeban) and is always set to the **end of the day on which the resource is generated** (23:59:59 America/Bogota).
553
+
554
+
555
+ #### Behavior Details
556
+
557
+ - Redeban does not automatically invalidate a dynamic QR after its first scan.
558
+
559
+ - As a result, the same QR may generate multiple transaction records.
560
+
561
+
562
+ #### Recommendations
563
+
564
+ - Implement **application-level validation** to detect multiple payments from the same QR code.
565
+
566
+ - Monitor dynamic QR transactions and confirm status before marking payments as completed.
567
+
568
+ - Inform end-users to verify the success of a transaction before rescanning.
569
+
570
+
571
+ #### Future Considerations
572
+
573
+ - Redeban is evaluating support for **single-use dynamic QR control**.
574
+
575
+ - Stay updated with interoperability provider announcements to adjust integrations accordingly.
576
+
577
+
578
+ #### Request Structure
579
+
580
+ ``` json
581
+ "paymentMethod": {
582
+ "id": 248
583
+ }
584
+
585
+ ```
586
+
587
+ #### Optional Fields
535
588
 
536
589
  For this method, the following fields are **optional**:
537
590
 
@@ -547,57 +600,84 @@ For this method, the following fields are **optional**:
547
600
  The service can function using only the payment method ID; however, providing these optional fields can **improve response time**.
548
601
  You may retrieve this data through the `enrollment-data` service in the [Merchant Enrollment](https://documenter.getpostman.com/view/35146358/2sA3QpDEFA#8c9f5a18-a19a-4b8f-baba-cd7501aa29a0) section.
549
602
 
603
+ ---
604
+
605
+ ### **QR Interoperable Híbrido**
606
+
550
607
  > ⚠ **Prerequisite:**
551
608
  The merchant must complete the **Merchant Enrollment** process before using this method.
552
609
  See the _Merchant Enrollment_ section for setup details.
553
610
 
554
- > 🔁 **Open Resource:**
555
- The **QR Interoperable** operates as an _open resource_, meaning the generated QR can be used multiple times by the same user.
611
+ > 🔁 **Reusable Resource:**
612
+ The **QR Interoperable Híbrido** can be scanned up to the number of times specified in `quantityUses`.
556
613
 
557
- > ⚙️ **Technical Note — Dynamic QR Behavior:**
558
- Dynamic QR codes may be scanned multiple times due to current limitations in the Redeban system.
614
+ > ⚙️ **Technical Note — Hybrid QR Behavior:**
615
+ The Hybrid QR is a static QR code with a pre-set fixed amount. It generates a closed payment URL valid for a defined number of uses and time period.
559
616
  This is **not** an error in our platform.
560
617
 
561
618
  > 🕐 **Expiration Behavior:**
562
619
  The `expiresIn` parameter **does not apply** to this payment method and should be **omitted** from the request.
563
620
  If a value is sent, the system will **ignore it automatically**.
564
- The QR resource expiration is controlled exclusively by the provider (Redeban) and is always set to the **end of the day on which the resource is generated** (23:59:59 America/Bogota).
621
+ The QR validity period is controlled by the `expirationDate` parameter sent in the request.
565
622
 
566
623
 
567
624
  #### Behavior Details
568
625
 
569
- - Redeban does not automatically invalidate a dynamic QR after its first scan.
626
+ - The QR is valid until it reaches the maximum number of scans defined in `quantityUses` or until the `expirationDate`, whichever comes first.
570
627
 
571
- - As a result, the same QR may generate multiple transaction records.
628
+ - Once the usage limit or expiration date is reached, the QR is automatically invalidated.
572
629
 
573
630
 
574
631
  #### Recommendations
575
632
 
576
- - Implement **application-level validation** to detect multiple payments from the same QR code.
633
+ - Set a `quantityUses` value appropriate for your use case (1–3 uses).
577
634
 
578
- - Monitor dynamic QR transactions and confirm status before marking payments as completed.
635
+ - Set a realistic `expirationDate` to avoid leaving open QR codes active longer than intended.
579
636
 
580
- - Inform end-users to verify the success of a transaction before rescanning.
637
+ - Monitor hybrid QR transactions and confirm status before marking payments as completed.
581
638
 
582
639
 
583
640
  #### Future Considerations
584
641
 
585
- - Redeban is evaluating support for **single-use dynamic QR control**.
586
-
587
642
  - Stay updated with interoperability provider announcements to adjust integrations accordingly.
588
643
 
589
644
 
645
+ #### Required Parameters
646
+
647
+ These parameters are **required** for QR Interoperable Híbrido:
648
+
649
+ | **Field** | **Type** | **Required** | **Valid values** | **Description** |
650
+ | --- | --- | --- | --- | --- |
651
+ | `quantityUses` | `string` | ✅ | `"1"`, `"2"` or `"3"` | Maximum number of times the QR can be scanned/used. Must be sent as a numeric string. |
652
+ | `expirationDate` | `string` | ✅ | `YYYY-MM-DD` format, from today up to `2100-12-31` | Date until which the QR remains valid. Must be a real calendar date. |
653
+
654
+ #### Request Structure
655
+
590
656
  ``` json
591
657
  "paymentMethod": {
592
- "id": 248,
593
- "cellphone": "string",
594
- "documentType": "string",
595
- "documentNumber": "string",
596
- "merchantId": "string"
658
+ "id": 280,
659
+ "quantityUses": "2",
660
+ "expirationDate": "2027-12-31"
597
661
  }
598
662
 
599
663
  ```
600
664
 
665
+ #### Optional Fields
666
+
667
+ For this method, the following fields are **optional**:
668
+
669
+ - `cellphone`
670
+
671
+ - `documentNumber`
672
+
673
+ - `documentType`
674
+
675
+ - `merchantId`
676
+
677
+
678
+ The service can function using only the payment method ID and the required parameters; however, providing these optional fields can **improve response time**.
679
+ You may retrieve this data through the `enrollment-data` service in the [Merchant Enrollment](https://documenter.getpostman.com/view/35146358/2sA3QpDEFA#8c9f5a18-a19a-4b8f-baba-cd7501aa29a0) section.
680
+
601
681
  ---
602
682
 
603
683
  ### **Llaves** Dinámicas **Bre-B**
@@ -721,11 +801,11 @@ For this method, the following fields are **optional**:
721
801
 
722
802
  ``` json
723
803
  "paymentMethod": {
724
- "id": 277,
725
- "cellphone": "string",
726
- "pdfUrl": "string",
727
- "whatsappAccountId": "string",
728
- "templateName": "string"
804
+ "id": 277, // required
805
+ "cellphone": "string", // required
806
+ "pdfUrl": "string", // optional
807
+ "whatsappAccountId": "string", // required
808
+ "templateName": "string" // optional
729
809
  }
730
810
 
731
811
  ```
@@ -736,7 +816,7 @@ For this method, the following fields are **optional**:
736
816
  | --- | --- | --- | --- |
737
817
  | `amount` | number | ✅ | Value of the payment. |
738
818
  | `brandId` | number | ❌ | ID of the customer's white label; if one is not available, the default ID 79 is sent. |
739
- | `expiresIn` | number | ❌ | Time in seconds for the expiration of the resource or payment link. Not applicable for **QR Interoperable (ID 248)** and **Llaves Dinámicas Bre-B (ID 250)** — if provided, the system ignores it. For QR Interoperable, expiration is set to end of day; for Llaves Dinámicas Bre-B, expiration is always 10 minutes from creation. |
819
+ | `expiresIn` | number | ❌ | Time in seconds for the expiration of the resource or payment link. Not applicable for **QR Dinámico (ID 248)**, **QR Híbrido (ID 280)** and **Llaves Dinámicas Bre-B (ID 250)** — if provided, the system ignores it. For QR products, expiration is set to end of day; for Llaves Dinámicas Bre-B, expiration is always 10 minutes from creation. |
740
820
  | `paymentMethod` | object | ✅ | Object specifying the payment method and its details. |
741
821
  | `paymentMethod.id` | number | ✅ | ID of the selected payment method (see available payment methods). |
742
822
  | `reference1` | string | ✅ | Customer identifier, must be between 1 and 36 characters. |
@@ -757,16 +837,16 @@ For this method, the following fields are **optional**:
757
837
  | Name | Type | Description |
758
838
  | --- | --- | --- |
759
839
  | body | string | Body del request |
760
- | expiresIn | number | Campo del body: expiresIn |
761
- | paymentMethod | object | Campo del body: paymentMethod |
762
- | userMetadata | object | Campo del body: userMetadata |
763
840
  | amount | number | Campo del body: amount |
764
841
  | brandId | number | Campo del body: brandId |
765
- | webhookUrl | string | Campo del body: webhookUrl |
766
- | returnUrl | string | Campo del body: returnUrl |
767
- | showSummary | boolean | Campo del body: showSummary |
842
+ | paymentMethod | object | Campo del body: paymentMethod |
768
843
  | reference1 | string | Campo del body: reference1 |
769
844
  | reference2 | object | Campo del body: reference2 |
845
+ | returnUrl | string | Campo del body: returnUrl |
846
+ | showSummary | boolean | Campo del body: showSummary |
847
+ | userMetadata | object | Campo del body: userMetadata |
848
+ | webhookUrl | string | Campo del body: webhookUrl |
849
+ | expiresIn | number | Campo del body: expiresIn |
770
850
 
771
851
  ### `cash_out_generate_withdraw_method_token`
772
852
 
@@ -1116,6 +1196,341 @@ For withdraws, a notification will be sent to the webhook provided in the applic
1116
1196
  | --- | --- | --- |
1117
1197
  | reference | string | Campo del body: reference |
1118
1198
 
1199
+ ### `ecommerce_self_register_link`
1200
+
1201
+ <img src="https://content.pstmn.io/d2c9fab1-0bbf-40ea-9022-6cc52b24dbb3/aW1hZ2UucG5n" width="214" height="104">
1202
+
1203
+ This guide explains how **API clients** (eCommerce platforms, marketplaces, plugins) onboard **merchants** (their end customers) and process payments on their behalf through Refácil Pay.
1204
+
1205
+ ---
1206
+
1207
+ ## Overview
1208
+
1209
+ The eCommerce integration follows three steps:
1210
+
1211
+ 1. **Generate a Self Register Link** — Your platform calls the API to obtain a unique registration URL for each merchant.
1212
+ 2. **Merchant registration** — The merchant opens the link and completes onboarding in Refácil Pay.
1213
+ 3. **API consumption** — After successful registration, process payments using either **direct** or **delegated** integration (see below).
1214
+
1215
+ > **Prerequisites:** Your platform must already be registered with Refácil Pay and have valid API credentials (`Authorization` token from the **Authorization** section).
1216
+
1217
+ ---
1218
+
1219
+ ## Integration flow
1220
+
1221
+ ```
1222
+ ┌─────────────────┐ POST /ecommerce/self-register/link ┌──────────────┐
1223
+ │ API client │ ──────────────────────────────────────────► │ Refácil Pay │
1224
+ │ (your platform)│ ◄──────────────── { link } ─────────────────│ │
1225
+ └────────┬────────┘ └──────────────┘
1226
+ │ share link
1227
+
1228
+ ┌─────────────────┐ completes registration ┌──────────────┐
1229
+ │ Merchant │ ──────────────────────────────────────────► │ Refácil Pay │
1230
+ └─────────────────┘ └──────┬───────┘
1231
+
1232
+ ◄──────── POST webhook (registration completed) ───────────────┘
1233
+ ┌─────────────────┐
1234
+ │ API client │
1235
+ └─────────────────┘
1236
+ ```
1237
+
1238
+ ---
1239
+
1240
+ ## Step 1 — Generate Self Register Link
1241
+
1242
+ Call **Generate Self Register Link** with:
1243
+
1244
+ - `storeId` — Your unique identifier for the merchant within your platform.
1245
+ - `returnUrl` — HTTPS URL where Refácil Pay will notify you when the merchant completes registration successfully (also referred to as your **webhook URL**).
1246
+
1247
+ The response contains a `link` URL. Share this link with the merchant (email, dashboard, plugin UI, etc.).
1248
+
1249
+ See the **Generate Self Register Link** request in this section for full request/response details.
1250
+
1251
+ ---
1252
+
1253
+ ## Step 2 — Merchant registration & webhook
1254
+
1255
+ The merchant opens the registration link and completes the Refácil Pay onboarding flow (identity verification and account setup).
1256
+
1257
+ When registration completes successfully, **Refácil Pay sends a notification to the webhook URL** (`returnUrl`) you provided in Step 1.
1258
+
1259
+ See **Registration completion webhook** in this section for payload format, headers, and signature verification.
1260
+
1261
+ > **Important:** Your webhook endpoint must be publicly reachable over HTTPS and respond with HTTP `2xx` to acknowledge receipt.
1262
+
1263
+ ---
1264
+
1265
+ ## Step 3 — API consumption
1266
+
1267
+ After registration, choose one of the following integration modes.
1268
+
1269
+ ### Option A — Direct merchant integration
1270
+
1271
+ The registered merchant obtains their own Refácil Pay API credentials and consumes the API directly. All transactions are naturally associated with that merchant account.
1272
+
1273
+ No additional fields are required beyond the standard payment APIs documented in the **Payments** section.
1274
+
1275
+ ### Option B — Delegated integration (on behalf of the merchant)
1276
+
1277
+ Your platform continues to authenticate with **your own API credentials**, but operations are executed **on behalf of the registered merchant**.
1278
+
1279
+ Include the following object in `reference2` when generating payment resources:
1280
+
1281
+
1282
+ **Example — Generate Payment Link (delegated mode)**
1283
+
1284
+ ``` json
1285
+ {
1286
+ "expiresIn": 12360,
1287
+ "amount": 18000,
1288
+ "brandId": 61,
1289
+ "webhookUrl": "https://your-platform.com/webhooks/payment-status",
1290
+ "returnUrl": "https://your-platform.com/payment/return",
1291
+ "showSummary": true,
1292
+ "reference1": "CGOOsiYQspMpgDD",
1293
+ "reference2": {
1294
+ "Label": {
1295
+ "Name": "Juanita Perez",
1296
+ "Email": "pqacLO87V77DgF62P8PXENA==do",
1297
+ "CellPhone": "1VM6daPPJcXCD4Cw93272oQ==8",
1298
+ "PersonType": "N",
1299
+ "DocumentType": "C",
1300
+ "DocumentNumber": 79706920
1301
+ },
1302
+ "Commerce": {
1303
+ "origin": 1,
1304
+ "storeId": "12345"
1305
+ }
1306
+ }
1307
+ }
1308
+
1309
+ ```
1310
+
1311
+ These identifiers allow Refácil Pay to associate each transaction with the correct merchant while authentication remains under your platform credentials.
1312
+
1313
+ ---
1314
+
1315
+ ## Related sections
1316
+
1317
+ | Section | Purpose |
1318
+ | --- | --- |
1319
+ | **Authorization** | Obtain `Bearer` token for API calls |
1320
+ | **Transactional token** | Required before generating payment resources |
1321
+ | **Payments** | Generate payment links and cash-in resources |
1322
+ | **Webhook Notification** | Payment status notifications (separate from registration webhook) |
1323
+
1324
+ ---
1325
+
1326
+ ## Best practices
1327
+
1328
+ - Generate a **unique `storeId`** per merchant and persist the mapping on your side.
1329
+ - Use **HTTPS** for all webhook URLs.
1330
+ - Implement **idempotent** webhook handlers (the same registration event may be retried).
1331
+ - Verify the **`x-refacil-signature`** header on registration webhooks (see webhook request).
1332
+ - For delegated payments, always send **`reference2.Commerce`** with both `origin` and `storeId`.
1333
+ - Use the **QA environment** for end-to-end testing before production certification.
1334
+
1335
+ Generates a **Self Register Link** for a merchant to onboard in Refácil Pay.
1336
+
1337
+ Use this endpoint when your platform needs to register merchants under your eCommerce integration. Provide a stable `storeId` for each merchant and an HTTPS `returnUrl` (webhook URL) to receive the registration completion notification.
1338
+
1339
+ > **Authentication:** Requires a valid Bearer token obtained from **Login** in the Authorization section.
1340
+
1341
+
1342
+ ### Response
1343
+
1344
+
1345
+ ### Error responses
1346
+
1347
+ | **HTTP** | **When** |
1348
+ | --- | --- |
1349
+ | **401** | Missing or invalid Bearer token. |
1350
+ | **403** | The eCommerce store is not associated with your account. |
1351
+ | **409** | Store already registered, or store configuration incomplete. |
1352
+ | **500** | Unexpected error. Retry with backoff; contact support if unresolved.
1353
+
1354
+ **Parámetros:**
1355
+
1356
+ | Name | Type | Description |
1357
+ | --- | --- | --- |
1358
+ | storeId | string | Campo del body: storeId |
1359
+ | returnUrl | string | Campo del body: returnUrl |
1360
+
1361
+ ### `webhooks_merchant_registration`
1362
+
1363
+ <img src="https://content.pstmn.io/d2c9fab1-0bbf-40ea-9022-6cc52b24dbb3/aW1hZ2UucG5n" width="214" height="104">
1364
+
1365
+ This guide explains how **API clients** (eCommerce platforms, marketplaces, plugins) onboard **merchants** (their end customers) and process payments on their behalf through Refácil Pay.
1366
+
1367
+ ---
1368
+
1369
+ ## Overview
1370
+
1371
+ The eCommerce integration follows three steps:
1372
+
1373
+ 1. **Generate a Self Register Link** — Your platform calls the API to obtain a unique registration URL for each merchant.
1374
+ 2. **Merchant registration** — The merchant opens the link and completes onboarding in Refácil Pay.
1375
+ 3. **API consumption** — After successful registration, process payments using either **direct** or **delegated** integration (see below).
1376
+
1377
+ > **Prerequisites:** Your platform must already be registered with Refácil Pay and have valid API credentials (`Authorization` token from the **Authorization** section).
1378
+
1379
+ ---
1380
+
1381
+ ## Integration flow
1382
+
1383
+ ```
1384
+ ┌─────────────────┐ POST /ecommerce/self-register/link ┌──────────────┐
1385
+ │ API client │ ──────────────────────────────────────────► │ Refácil Pay │
1386
+ │ (your platform)│ ◄──────────────── { link } ─────────────────│ │
1387
+ └────────┬────────┘ └──────────────┘
1388
+ │ share link
1389
+
1390
+ ┌─────────────────┐ completes registration ┌──────────────┐
1391
+ │ Merchant │ ──────────────────────────────────────────► │ Refácil Pay │
1392
+ └─────────────────┘ └──────┬───────┘
1393
+
1394
+ ◄──────── POST webhook (registration completed) ───────────────┘
1395
+ ┌─────────────────┐
1396
+ │ API client │
1397
+ └─────────────────┘
1398
+ ```
1399
+
1400
+ ---
1401
+
1402
+ ## Step 1 — Generate Self Register Link
1403
+
1404
+ Call **Generate Self Register Link** with:
1405
+
1406
+ - `storeId` — Your unique identifier for the merchant within your platform.
1407
+ - `returnUrl` — HTTPS URL where Refácil Pay will notify you when the merchant completes registration successfully (also referred to as your **webhook URL**).
1408
+
1409
+ The response contains a `link` URL. Share this link with the merchant (email, dashboard, plugin UI, etc.).
1410
+
1411
+ See the **Generate Self Register Link** request in this section for full request/response details.
1412
+
1413
+ ---
1414
+
1415
+ ## Step 2 — Merchant registration & webhook
1416
+
1417
+ The merchant opens the registration link and completes the Refácil Pay onboarding flow (identity verification and account setup).
1418
+
1419
+ When registration completes successfully, **Refácil Pay sends a notification to the webhook URL** (`returnUrl`) you provided in Step 1.
1420
+
1421
+ See **Registration completion webhook** in this section for payload format, headers, and signature verification.
1422
+
1423
+ > **Important:** Your webhook endpoint must be publicly reachable over HTTPS and respond with HTTP `2xx` to acknowledge receipt.
1424
+
1425
+ ---
1426
+
1427
+ ## Step 3 — API consumption
1428
+
1429
+ After registration, choose one of the following integration modes.
1430
+
1431
+ ### Option A — Direct merchant integration
1432
+
1433
+ The registered merchant obtains their own Refácil Pay API credentials and consumes the API directly. All transactions are naturally associated with that merchant account.
1434
+
1435
+ No additional fields are required beyond the standard payment APIs documented in the **Payments** section.
1436
+
1437
+ ### Option B — Delegated integration (on behalf of the merchant)
1438
+
1439
+ Your platform continues to authenticate with **your own API credentials**, but operations are executed **on behalf of the registered merchant**.
1440
+
1441
+ Include the following object in `reference2` when generating payment resources:
1442
+
1443
+
1444
+ **Example — Generate Payment Link (delegated mode)**
1445
+
1446
+ ``` json
1447
+ {
1448
+ "expiresIn": 12360,
1449
+ "amount": 18000,
1450
+ "brandId": 61,
1451
+ "webhookUrl": "https://your-platform.com/webhooks/payment-status",
1452
+ "returnUrl": "https://your-platform.com/payment/return",
1453
+ "showSummary": true,
1454
+ "reference1": "CGOOsiYQspMpgDD",
1455
+ "reference2": {
1456
+ "Label": {
1457
+ "Name": "Juanita Perez",
1458
+ "Email": "pqacLO87V77DgF62P8PXENA==do",
1459
+ "CellPhone": "1VM6daPPJcXCD4Cw93272oQ==8",
1460
+ "PersonType": "N",
1461
+ "DocumentType": "C",
1462
+ "DocumentNumber": 79706920
1463
+ },
1464
+ "Commerce": {
1465
+ "origin": 1,
1466
+ "storeId": "12345"
1467
+ }
1468
+ }
1469
+ }
1470
+
1471
+ ```
1472
+
1473
+ These identifiers allow Refácil Pay to associate each transaction with the correct merchant while authentication remains under your platform credentials.
1474
+
1475
+ ---
1476
+
1477
+ ## Related sections
1478
+
1479
+ | Section | Purpose |
1480
+ | --- | --- |
1481
+ | **Authorization** | Obtain `Bearer` token for API calls |
1482
+ | **Transactional token** | Required before generating payment resources |
1483
+ | **Payments** | Generate payment links and cash-in resources |
1484
+ | **Webhook Notification** | Payment status notifications (separate from registration webhook) |
1485
+
1486
+ ---
1487
+
1488
+ ## Best practices
1489
+
1490
+ - Generate a **unique `storeId`** per merchant and persist the mapping on your side.
1491
+ - Use **HTTPS** for all webhook URLs.
1492
+ - Implement **idempotent** webhook handlers (the same registration event may be retried).
1493
+ - Verify the **`x-refacil-signature`** header on registration webhooks (see webhook request).
1494
+ - For delegated payments, always send **`reference2.Commerce`** with both `origin` and `storeId`.
1495
+ - Use the **QA environment** for end-to-end testing before production certification.
1496
+
1497
+ When a merchant **successfully completes registration**, Refácil Pay sends an HTTPS **POST** notification to the `returnUrl` (webhook URL) you provided in **Generate Self Register Link**.
1498
+
1499
+ This notification confirms that the merchant is ready for API consumption. It is **not** a payment status webhook — see **Webhook Notification** for transaction events.
1500
+
1501
+ ### Headers sent by Refácil Pay
1502
+
1503
+
1504
+ ### Body fields
1505
+
1506
+
1507
+ ### Verification
1508
+
1509
+ 1. Read the raw request body.
1510
+ 2. Compute HMAC-SHA256 using your **signing secret** (provided by Refácil Pay).
1511
+ 3. Compare with the `x-refacil-signature` header.
1512
+ 4. Reject requests with invalid signatures.
1513
+
1514
+ ### Handler requirements
1515
+
1516
+ - Respond with HTTP **2xx** to acknowledge receipt.
1517
+ - Implement **idempotency** using `eventId`.
1518
+ - Persist the `storeId` ↔ `userId` mapping for delegated integrations.
1519
+
1520
+ > **Note:** Do not expose this endpoint without signature verification.
1521
+
1522
+ **Parámetros:**
1523
+
1524
+ | Name | Type | Description |
1525
+ | --- | --- | --- |
1526
+ | refacilSignature * | string | Header personalizado: x-refacil-signature |
1527
+ | refacilTimestamp * | string | Header personalizado: x-refacil-timestamp |
1528
+ | originCommerce * | string | Header personalizado: x-origin-commerce |
1529
+ | storeId | string | Campo del body: storeId |
1530
+ | userId | number | Campo del body: userId |
1531
+ | eventId | string | Campo del body: eventId |
1532
+ | activatedAt | string | Campo del body: activatedAt |
1533
+
1119
1534
  ### `merchant_enrollment_data`
1120
1535
 
1121
1536
  This service allows merchants to retrieve enrollment data for the use of the QR interoperable payment method and key creation.